28076 matches found
CVE-2026-20821
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally...
Windows Kernel Information Disclosure Vulnerability
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally...
Windows Kernel Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally...
Microsoft Windows File Explorer Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...
Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
Windows File Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface TWINUI Subsystem allows an authorized attacker to disclose information locally...
CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
CVE-2025-14507
CVE-2025-14507 — EventPrime for WordPress suffers unauthenticated sensitive information exposure via the REST API in all versions up to and including 4.2.7.0. Unauthenticated attackers could exfiltrate booking data (user names, emails, ticket details, payment information, and order keys) when the...
CVE-2026-0497
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...
CVE-2026-0497
CVE-2026-0497 affects SAP Product Designer Web UI of Business Server Pages. The issue arises from a missing authorization check, allowing authenticated non-administrative users to access non-sensitive information. Reported impact is limited to confidentiality (low); no impact on integrity or avai...
Microsoft Dynamics 安全漏洞
Microsoft Dynamics is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A security vulnerability exists in Microsoft Dynamics. An attacker exploiting this...
Microsoft Windows File Explorer 信息泄露漏洞
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
PT-2026-2467
Name of the Vulnerable Software and Affected Versions Fortinet FortiFone versions 7.0.0 through 7.0.1 Fortinet FortiFone versions 3.0.13 through 3.0.23 Description An exposure of sensitive information to an unauthorized actor allows an unauthenticated attacker to obtain the device configuration v...
PT-2026-2333
Name of the Vulnerable Software and Affected Versions SAP Product Designer Web UI of Business Server Pages affected versions not specified Description The SAP Product Designer Web UI of Business Server Pages allows authenticated, non-administrative users to access non-sensitive information. This...
PT-2026-2673
Name of the Vulnerable Software and Affected Versions Windows File Explorer affected versions not specified Description A flaw exists in Windows File Explorer that could allow an attacker to disclose sensitive information locally. An authorized attacker can leverage this to gain access to...
PT-2026-2739
CVE-2026-20937 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. https://t.co/7wV1JGOJF9...
Insertion of Sensitive Information into Log File
Overview hermes is a Workflow to publish research software with rich metadata Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the -O options argument handling process. An attacker can obtain sensitive information by accessing log files that...
CVE-2026-22788
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22798
hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...